Oracle Blog

Identity and Federation

Saturday Sep 13, 2008

There is a lot of buzz around OAuth. It provides a very simple and secure way for users to give access to their personal data.
At core of the protocol is a token access protocol between service providers (where personal data exists) and consumers (entity requesting personal data) and a mechanism to interact with the user for allowing the data access.
Mere implementation of the OAuth protocol is not sufficient for a practical deployment - two key functions need to be supplied to make it useful:

Policy driven transfer of personal information. Eg : Particular picture/album, Home address, health records between start date and end date. This policy needs to be a union of service provider wide policies and user controlled policies.

Audit logs to record user content and data transferred.

I plan to provide deep technical deepdive into OpenSSO on providing these functions in upcoming blogs.
Earlier incarnations of OpenSSO (Access Manager 7.x) have already delved into solving this problem
as part of Liberty Interaction Service implementation. For people not familiar with this protocol, Liberty Alliance's Interaction service in collaboration with Liberty Discovery Service provides similar functionality to OAuth going a step further by taking privacy and interoperabiliy into consideration, but at the expense of some complexity in its implementation.